ES2353662T3 - APPLIANCE, PROCEDURE AND AUTHENTICATION SYSTEM. - Google Patents

Abstract

Portable electronic device (201), for authentication of a user, comprising a transponder (202) with a memory unit (203), means (204) for writing user-specific information in the transponder memory unit (203) , and a calculation means arranged to calculate an authentication code based on a specific user key and a requirement code and using an algorithm, in which said transponder unit (202) further comprises a means for, upon receipt of a interrogation signal comprising said requirement code, generating a response signal comprising the user-specific information including the authentication code, to authenticate the user, characterized in that it also comprises a detachable subscriber SIM unit from which the user specific information.

Description

Field of the Invention

The invention relates to an electronic and portable device according to the preamble of claim 1, to a method for use in a questioning apparatus according to claim 10 and to a system for authenticating a user according to the preamble of the claim 13.

Background of the Technique

RFID transponders, often referred to as RFID tags (RFID = Radio Frequency Identification) are widely used for recognition of people and objects. An RFID transponder can be idealized as a small tag and carries stored information, such as an identification number, identification of an object or a person. In order to retrieve the stored information, a questioning apparatus is used. The device emits a radio signal or interrogative field, which causes the RFID transponder to respond with a signal comprising the stored information. Then, the questioning apparatus can receive the response signal. Such RFID transponders are used, for example, in connection with an access control or as an alternative to a barcode. In other normal applications, RFID transponders are used in car immobilizers and to identify pets. It has been suggested to provide portable electronic devices, such as mobile phones, with RFID transponders. This enables more functionalities in connection with said devices. For example, a mobile phone can also be used as an access control card. Such functionalities often need strong security. A problem with the use of such devices in this way is that they are sometimes stolen, lost, sold or disposed of. Any right of access or user registration given to the identity of the associated RFID transponder is then inherited by the new holder of the device. This leads to a lack of security, since the device can be misused, and makes the portable electronic RFID transponder less reliable. WO 02/11074 A2 discloses an electronic device coverage with a radiofrequency transponder that is sensitive to the interrogation signal. In response to the question mark, the coverage presents an electronic identification number (and other information). The coverage may further comprise a memory in which the identification number can be stored. The device can be used to provide applications to a mobile phone, for example, which acts as a bank card, or payment card.

Summary of the Invention

An objective of the present invention is to eliminate all or part of the aforementioned problems. This objective is achieved with a portable electronic device as defined in claim 1, a method as defined in claim 6 and a system as defined in claim 9. According to a first aspect, the invention relates more specifically to a portable electronic device comprising a transponder with a memory unit. The device is characterized by the means of writing the user-specific information in the memory unit of the transponder, so that the transponder, after receiving an interrogation signal, generates a response signal comprising user-specific information. In said device the RFID functionality is not statically linked to the device itself, but rather to the user of the device. This eliminates the problem associated with electronic devices that change hands as described above. In a preferred embodiment, the portable electronic device comprises means for calculating an identification code, included in the user-specific information. This provides the use of user-specific information that is used only once, thus providing enhanced credibility. If a detachable subscriber unit is used, the calculation means may preferably be located within this unit. Preferably, the authentication code can be calculated on the basis of a specific user key, a requirement code and the use of an algorithm. This allows excellent credibility and can be easily implemented in systems in which said algorithms are used for other reasons, such as for example GSM systems. The requirement code may preferably be comprised in the interrogation signal received by the portable electronic device. Preferably, a portable electronic device may comprise a removable subscriber unit from which the user retrieves the user-specific information. Said unit may be, in the case of a GSM mobile phone, a SIM unit, which then provides the user with specific information that is independent of the telephone used. In another embodiment, the user-specific information may be a user identity number, such as, for example, an IMSI number. This allows authentication to be carried out simply. Preferably, the portable electronic device may be a GSM mobile phone. Preferably, the transponder may be designed for use as an RFID tag. According to a second aspect, the invention relates to a method of use in an interrogation apparatus for authentication of a user, which is a carrier of a portable electronic device comprising a transponder with a memory unit. The method comprises the steps of: transmitting a transponder interrogation signal to the transponder of the portable device; receiving a response signal, comprising user-specific information, from the transponder, said user-specific information that is written, by means of the portable electronic device, into a memory unit of the transponder; and determination of the authenticity of the user based on the specific user information. Similarly to the device mentioned above, this procedure allows reliable and user-oriented authentication. Preferably, in the procedure, the interrogation signal to the transponder comprises a requirement code, which allows the portable device to calculate an authentication code for transmission by the transponder, based on the calculation in the requirement code and in a specific key of user and in the use of an algorithm. The response signal comprises this authentication code. Next, the received authentication code is compared with an authentication code calculated in the same way on the device side of the air interface. Next, the authenticity of the user is determined based on the comparison. This procedure allows excellent credibility. Preferably in the process, the transponder may be designed to be used as an RFID tag. According to a third aspect, the invention relates to a system for authenticating a user, bearer of a portable electronic device, comprising a transponder with a memory unit. The system comprises an interrogation apparatus and is characterized by means of the interrogation apparatus for transmitting an interrogation signal from the transponder to the transponder of the portable device; means of the interrogation apparatus for receiving a response signal, comprising user-specific information, from the transponder, said user-specific information being written, by means of the portable electronic device, into a memory unit of the transponder; and means for determining the authenticity of the user based on the specific user information. Said system can operate in connection with or include a portable electronic device and allows user-oriented authentication with high credibility. Preferably, in the system, the transponder interrogation signal comprises a requirement code, which allows the portable electronic device to calculate an authentication code for transmission by the transponder, based on the calculation in the requirement code and in a specific key. of user and in the use of an algorithm. The response signal comprises the authentication code and the system comprises means for comparing the received authentication code with an authentication code calculated in the same way on the side of the air interface apparatus. The system also includes means for determining the authenticity of the user based on the comparison. This system allows excellent credibility. In a preferred embodiment, the transponder is designed for use as an RFID tag.

Brief Description of the Drawings

Figure 1 illustrates the basic concept of RFID transponders. Figure 2 shows a block diagram of a portable electronic device according with an embodiment of the invention. Figures 3a-3c illustrate embodiments of the invention with features that improve the security.

Description of Preferred Embodiments

RFID tags (RFID = Radio Frequency Identification) or RFID transponders are carriers of information widely used in modern technology. The well-known basic concept of RFID transponders is illustrated by means of an example in Figure 1, in which a transponder 101 (shown enlarged) is attached to an object 102, from which information is to be retrieved by means of a interrogation apparatus 103, sometimes referred to as a reading device.

The transponder 101 comprises an antenna 104 and an integrated circuit (IC) 105, which comprises a transponder memory unit. In order to, for example, identify the object 102, the interrogation apparatus transmits a radio signal 106, emitted as an electromagnetic field, which is picked up by the antenna 104 of the transponder and sent by IC 105 of the transponder. This causes the transponder 101 to transmit a response signal 107 comprising information that is stored in the memory unit of the IC 105. The information may be identification information of the object 102. The transmission is performed using the antenna 104 of the transponder. Thus, the reading device receives information from the transponder. There are passive transponders and active transponders. Passive transponders have no internal power supply whatsoever. Instead, active transponders use electrical energy in the received interrogation signal to create the response signal. Active transponders, on the other hand, are endowed with, or connected to, some type of electrical supply. The transponder IC can be programmed with information in different ways. Information can be permanently included in the hardware when manufactured from IC. It can also be stored in the IC using cables, or an interrogation device via the air interface. Therefore, there are transponders only for reading as well as reading / writing. The operating frequencies of the transponder vary between 30 kHz (low frequency transponders) and more than 2.5 GHz (high frequency transponders). The amount of information stored varies from a few bytes (passive read-only transponders) up to 1 MB (active read / write transponders). The reading ranges vary from a few centimeters to tens of meters. An advantage of transponders compared to other carriers of information such as, for example, bar codes, is that a line of sight is not necessary between the reading device (interrogation apparatus) and the information carrier (transponders). The time required to read a transponder is often less than 100 ms. Figure 2 shows a block diagram of a portable electronic device 201 according to an embodiment of the invention. In this embodiment, the device 201 is a GSM mobile phone. When said mobile phone is used, a SIM module (SIM = Subscriber Identity Module), which is a detachable subscriber unit, is inserted into the phone. The SIM module contains user-specific data and is accessible to the CPU (CPU = Central Processing Unit) of the phone.

In this embodiment, the telephone comprises an interface 204 between the CPU and the memory unit 203 of an RFID transponder 202 integrated in the telephone. This interface allows the phone's CPU to write user-specific information in the memory unit 203 in the transponder IC. Preferably, interface 204 allows the CPU to both write information on memory unit 203 and read information from memory. Furthermore, it may be advantageous for the interface (104) to allow the memory unit to transmit interrupt signals to the CPU, for example, if the transponder has received an interrogation signal. In this embodiment, the CPU retrieves the IMSI number (IMSI = International Mobile Subscriber Identity) from the SIM module. IMSI is a number with up to 15 digits that unequivocally identifies a subscriber and, therefore, a user. The interface between the CPU and the transponder can be used for functionalities implemented by software, and can allow the transfer of information in both directions between the transponder and the CPU. The SIM module and the IMSI number are standard aspects of GSM systems. Security can be improved by requiring a PIN code to activate the SIM unit (PIN = Personal Identification Number). User-specific data (IMSI) can then be written to the memory unit as soon as the PIM code has been read. The CPU is designed to write the IMSI number or code derived from the IMSI number in the transponder memory unit. Now, after the interrogation, the transponder transmits the IMSI number and, therefore, user-specific information, to an interrogation apparatus. If the identification procedure is associated with a payment, for example, the electronic payment of a bus ticket, this payment can be made, preferably, by subscribing mobile users. The invention can be widely used in connection with, for example, vending machines, access control systems, cinemas etc. Such services need to be provided with an interrogation apparatus, capable of contacting a device according to an embodiment of the invention. If a payment is involved as described above, preferably, the user may have to accept the payment in the user interface of the device before making use of the service (eg, movie ambiguity or vending machine that dispatches items). Figures 3a-3c illustrate embodiments of systems of the invention with features that improve safety. There is a risk that the transmission of the IMSI number, as described in connection with Figure 2, may be heard by a third party and that it may be misused by this third party. In applications where this is critical, a more sophisticated approach can be considered. GSM systems support features for authentication of a subscriber. These features involve a key, subscriber authentication Ki and an A3 authentication algorithm. In GSM systems, the SIM module, when equipped with a 128-bit pseudo-random number, called RAND, calculates, based on Ki and RAND and using A3, a signed response, SRES. This allows the mobile phone system to authenticate a subscriber. The A3 algorithm is designed so that it is extremely difficult to calculate Ki with RAND, SRES and A3 by hand. RAND can be called a requirement code, while SRES can be called an authentication code. This functionality can be used in connection with an embodiment of the invention, as illustrated in Figure 3a. In one procedure, an interrogation apparatus (IA) emits a signal / field comprising a RAND number. This signal is received by the transponder antenna and sent to the transponder IC. The CPU of the mobile electronic device reads the RAND number of the IC and sends the number to the SIM unit. In the SIM unit an SRES (signed response) is calculated based on the RAND number, the Ki of the SIM unit, and using the A3 algorithm. The SRES is sent to the CPU, which then writes the SRES, which is user-specific information, in the memory of the transponder IC. Next, the transponder emits a signal containing the SRES, which can be received by the interrogation apparatus. Now, the interrogation apparatus can verify that the received SRS coincides with an SRES, calculated in the same way, but on the side of the aerial interface apparatus, between the transponder and the interrogation apparatus. It should be noted that this embodiment can preferably be combined with the first embodiment, that is, both the IMSI number and the SRES can be sent. There are several ways by which the interrogation apparatus can obtain a RAND and an SRES that are indicative of given subscribers. As a first alternative, the interrogation apparatus can generate a random RAND number and then generate the SRES itself. However, this requires that the interrogation apparatus be aware of the key, Ki, authentication, Ki. These keys are normally kept very secret, for example, only in the SIM unit and on a single server, such as HOMEMSC users (MSC = Mobile Services Switching Center). Therefore, it is likely that the interrogation apparatus will not be able to access the authentication key. Instead, the interrogation apparatus can, as illustrated in Figure 3b, generate RAND and request the corresponding SRES from said server.

Alternatively, the interrogation apparatus may request, for a specific subscriber, a RAND and an SRES corresponding to this RAND. In order to use the correct authentication key, the server or the interrogation device, which calculates the SRES, must know the identity of the subscriber. The interrogation apparatus can therefore, if the identity of the user is not already known, first obtain the identity of the user, for example the IMS number, as described in connection with Figure 2 and then perform the authentication as It was described in connection with Figures 3a-3c. A third party, who secretly obtains the IMSI, cannot authenticate itself with the RAND and the SRES, as a subscriber in front of the interrogation apparatus, unless the interrogation apparatus uses the same RAND number again, which is very unlikely ( pseudo-random number of 128 bits, 2128 possibilities). Therefore, SRES can be considered a single-use code to achieve excellent credibility. The previous example is related to the GSM standard. The invention can also be used in connection with other types of mobile phone, provided that the specific user / subscriber information is stored in the phone. However, the invention is also useful in connection with other digital devices, such as, for example, PDAs (PDA = Personal Digital Assistant). Next, an RFID transponder is mounted on the PDA, and the PDA provides user specific information to the IC of the transponder, which may be stored in the PDA or in a memory card inserted in the PDA. It should also be noted that the user-specific information can be manually entered into a portable electronic device using various user interfaces. For example, a user can enter a personal identity number or a subscriber number on a device, whose number can then be used by the device to authenticate the user. In summary, the invention relates to a portable electronic device such as a mobile phone. The device is equipped with a transponder and can be used for authentication purposes. The device includes means for writing user-specific information in a memory unit, connected to the transponder. Thus, when a question reading device simulates the transponder, the transponder issues the user-specific information. This allows the authentication of a user instead of that of a device. In a preferred embodiment, a user-specific key is used, by means of which a single-use code is generated, which is used when the user-specific information is issued. The invention also relates to a method and a system, which can work in connection with said device.

Claims (11)

one.

Portable electronic device (201), for authentication of a user, comprising a transponder (202) with a memory unit (203), means (204) for writing user-specific information in the transponder memory unit (203) , and a calculation means arranged to calculate an authentication code based on a specific user key and a requirement code and using an algorithm, in which said transponder unit (202) further comprises a means for, upon receipt of a interrogation signal comprising said requirement code, generating a response signal comprising the user-specific information including the authentication code, to authenticate the user, characterized in that it also comprises a detachable subscriber SIM unit from which the user specific information.

2.

Portable electronic device as claimed in claim 1, wherein the calculation means is located within the detachable subscriber SIM unit.

3.

Portable electronic device as claimed in claim 1, wherein the user-specific information is an IMSI user identity number.

Four.

Portable electronic device as claimed in any one of the preceding claims, wherein the device is a mobile telephone.

5.

Portable electronic device as claimed in any one of the preceding claims, wherein the transponder is intended to be used as an RFID tag.

6.

Procedure for use in an interrogation apparatus for authentication of a user, which carries a portable electronic device, comprising a calculation means and a transponder with a memory unit comprising:

-transmission of a transponder interrogation signal comprising a requirement code to the transponder of the portable device; -reception of a response signal, comprising user-specific information containing an authentication code, of the transponder, said user-specific information being written, by means in the portable electronic device, in a transponder memory unit, in that the authentication code is calculated on the basis of the requirement code and a specific user key and using an algorithm; and -determination of user authenticity based on user-specific information.

7.

Method as claimed in claim 6, wherein co code of Authentication received is compared with an authentication code calculated from it way on the side of the air interface apparatus; and in which the authenticity of the user based on comparison.

8.

Method as claimed in any of claims 6 or 7, in the The transponder is designed to be used as an RFID tag.

9.

System for authentication of a user, who carries a portable electronic device, comprising calculation means and a transponder with a memory unit, the system comprising an interrogation apparatus, characterized by

- a means in the interrogation apparatus for the transmission of a transponder interrogation signal comprising a requirement code to the transponder of the portable device; - a means in the interrogation apparatus for the reception of a response signal, which comprises user-specific information, which contains an authentication code, of the transponder, said user-specific information being written, by means in the portable electronic device , in a memory unit of the transponder, in which the authentication code is calculated based on the requirement code and a user-specific key and using an algorithm; and -a means for determining the authenticity of the user based on the specific user information.

10.

System as claimed in claim 9, wherein the system comprises means for comparing the received authentication code with an authentication code calculated in the same way on the side of the air interface apparatus; and in

which the system comprises a means for determining the authenticity of the user based on the comparison.

eleven.

System as claimed in claim 9 or 10, wherein the transponder is designed to be used as an RFID tag.